From 2d181f2a4711c3b7bd17805c7a3db36822cca105 Mon Sep 17 00:00:00 2001
From: Dax Raad
Date: Tue, 12 Aug 2025 11:19:57 -0400
Subject: [PATCH] sync

---
.github/workflows/duplicate-issues.yml | 50 +++++++
.github/workflows/guidelines-check.yml | 41 +++++
.opencode/agent/github.md | 11 ++
packages/web/src/content/docs/docs/agents.mdx | 141 ++++++++++++++++++
4 files changed, 243 insertions(+)
create mode 100644 .opencode/agent/github.md

diff --git a/.github/workflows/duplicate-issues.yml b/.github/workflows/duplicate-issues.yml
index e69de29bb..ba9577dbb 100644
--- a/.github/workflows/duplicate-issues.yml
+++ b/.github/workflows/duplicate-issues.yml
@@ -0,0 +1,50 @@
+name: Duplicate Issue Detection
+
+on:
+ issues:
+ types: [opened]
+
+jobs:
+ check-duplicates:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ issues: write
+ id-token: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Install opencode
+ run: curl -fsSL https://opencode.ai/install | bash
+
+ - name: Check for duplicate issues
+ env:
+ ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ opencode run --agent github -m anthropic/claude-sonnet-4-20250514 "A new issue has been created: '${{ github.event.issue.title }}'
+
+ Issue body:
+ ${{ github.event.issue.body }}
+
+ Please search through existing issues in this repository to find any potential duplicates of this new issue. Consider:
+ 1. Similar titles or descriptions
+ 2. Same error messages or symptoms
+ 3. Related functionality or components
+ 4. Similar feature requests
+
+ If you find any potential duplicates, please comment on the new issue with:
+ - A brief explanation of why it might be a duplicate
+ - Links to the potentially duplicate issues
+ - A suggestion to check those issues first
+
+ Use this format for the comment:
+ '👋 This issue might be a duplicate of existing issues. Please check:
+ - #[issue_number]: [brief description of similarity]
+
+ If none of these address your specific case, please let us know how this issue differs.'
+
+ If no clear duplicates are found, do not comment."
diff --git a/.github/workflows/guidelines-check.yml b/.github/workflows/guidelines-check.yml
index e69de29bb..3ac59867e 100644
--- a/.github/workflows/guidelines-check.yml
+++ b/.github/workflows/guidelines-check.yml
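Review bot: The `run:` script of the "Check for duplicate issues" step splices `${{ github.event.issue.title }}` and `${{ github.event.issue.body }}` into a double-quoted shell string, so text chosen by whoever opens an issue is expanded into the script before bash parses it. That step holds `ANTHROPIC_API_KEY` and a `GITHUB_TOKEN` with `issues: write`, so shell metacharacters in an issue would be interpreted in that context. Pass both fields through `env:` and reference them as shell variables, as in the excerpt below; the guidelines-check.yml hunk has the same pattern with `github.event.pull_request.title` and `.body` and needs the same change. Even with that fix the issue text still reaches the agent as instructions, so the real limit on what it can do comes from the agent's bash permission map and the token scopes, not from the prompt wording.

```yaml
      - name: Check for duplicate issues
        env:
          # … unchanged: ANTHROPIC_API_KEY, GITHUB_TOKEN …
          ISSUE_TITLE: ${{ github.event.issue.title }}
          ISSUE_BODY: ${{ github.event.issue.body }}
        run: |
          opencode run --agent github -m anthropic/claude-sonnet-4-20250514 "A new issue has been created: '$ISSUE_TITLE'

          Issue body:
          $ISSUE_BODY
          # … unchanged: remainder of the prompt …
```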
@@ -0,0 +1,41 @@
+name: Guidelines Check
+
+on:
+ pull_request:
+ types: [opened, synchronize]
+
+jobs:
+ check-guidelines:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+ id-token: write
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+
+ - name: Install opencode
+ run: curl -fsSL https://opencode.ai/install | bash
+
+ - name: Check PR guidelines compliance
+ env:
+ ANTHROPIC_API_KEY: ${{ secrets.ANTHROPIC_API_KEY }}
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ run: |
+ opencode run --agent github -m anthropic/claude-sonnet-4-20250514 "A new pull request has been created: '${{ github.event.pull_request.title }}'
+
+ PR description:
+ ${{ github.event.pull_request.body }}
+
+ Please check all the code changes in this pull request against the guidelines in AGENTS.md file in this repository.
+
+ For each violation you find, create a file comment using the gh CLI. Use this exact format for each violation:
+
+ \`\`\`bash
+ gh pr review ${{ github.event.pull_request.number }} --comment-body 'This violates the AGENTS.md guideline: [specific rule]. Consider: [suggestion]' --file 'path/to/file.ts' --line [line_number]
+ \`\`\`
+
+ Only create comments for actual violations. If the code follows all guidelines, don't run any gh commands."
diff --git a/.opencode/agent/github.md b/.opencode/agent/github.md
new file mode 100644
index 000000000..c6dde1a05
--- /dev/null
+++ b/.opencode/agent/github.md
@@ -0,0 +1,11 @@
+---
+permission:
+ bash:
+ "*": "deny"
+ "gh*": "allow"
+mode: subagent
+---
+
+You are running in github actions, typically to evaluate a PR. Do not do
+anything that is outside the scope of that. You have access to the bash tool but
+you can only run `gh` cli commands with it.
diff --git a/packages/web/src/content/docs/docs/agents.mdx b/packages/web/src/content/docs/docs/agents.mdx
index bcb0eca2a..beb1b29ae 100644
--- a/packages/web/src/content/docs/docs/agents.mdx
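Review bot: The "Install opencode" step pipes `https://opencode.ai/install` straight into bash with no version pin or checksum, and the job's last step then runs the installed binary with `ANTHROPIC_API_KEY` and a write-scoped `GITHUB_TOKEN`; duplicate-issues.yml does the same. Whatever that URL serves at run time executes with those credentials, so installing a pinned release and verifying its digest before execution would narrow the exposure. `id-token: write` is also granted in both workflows although nothing visible here requests an OIDC token; if it is unused, drop the line. Separately, the prompt tells the agent to call `gh pr review` with `--comment-body`, `--file` and `--line`, which are not options of that command (it takes `--comment` with `--body`), so the inline-comment instruction probably fails as written.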
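Review bot: The allow rule `"gh*": "allow"` in the frontmatter has no separator after `gh`, so it matches any command whose text merely begins with those two letters, and it permits every `gh` subcommand rather than only the issue and PR operations the two workflows ask for. Because this agent is fed issue and PR text from outside contributors, the permission map is the only hard limit on what a steered model can run; the prose below the frontmatter is advisory. Consider listing the needed subcommands in the same pattern style the docs in this patch use for `terraform *`, for example `"gh issue *": "allow"` and `"gh pr *": "allow"`. How the matcher treats chained or substituted commands after a matching prefix is not visible here and is worth confirming before relying on the rule.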
+++ b/packages/web/src/content/docs/docs/agents.mdx 
@@ -358,6 +358,147 @@ Here are all the tools can be controlled through the agent config. --- +### Permissions + +Permissions control what actions an agent can take. + +- edit, bash, webfetch + +Each permission can be set to allow, ask, or deny. + +- allow, ask, deny + +Configure permissions globally in opencode.json. + +```json title="opencode.json" +{ + "$schema": "https://opencode.ai/config.json", + "permission": { + "edit": "ask", + "bash": "allow", + "webfetch": "deny" + } +} +``` + +You can override permissions per agent in JSON. + +```json title="opencode.json" {7-18} +{ + "$schema": "https://opencode.ai/config.json", + "agent": { + "build": { + "permission": { + "edit": "allow", + "bash": { + "*": "allow", + "git push": "ask", + "terraform *": "deny" + }, + "webfetch": "ask" + } + } + } +} +``` + +You can also set permissions in Markdown agents. + +```markdown title="~/.config/opencode/agent/review.md" +--- +description: Code review without edits +mode: subagent +permission: + edit: deny + bash: ask + webfetch: deny +--- + +Only analyze code and suggest changes. +``` + +Bash permissions support granular patterns for fine-grained control. + +```json title="Allow most, ask for risky, deny terraform" +{ + "$schema": "https://opencode.ai/config.json", + "permission": { + "bash": { + "*": "allow", + "git push": "ask", + "terraform *": "deny" + } + } +} +``` + +If you provide a granular bash map, the default becomes ask unless you set \* explicitly. + +```json title="Granular defaults to ask" +{ + "$schema": "https://opencode.ai/config.json", + "permission": { + "bash": { + "git status": "allow" + } + } +} +``` + +Agent-level permissions merge over global settings. + +- Global sets defaults; agent overrides when specified + +Specific bash rules can override a global default. 
+ +```json title="Global ask, agent allows safe commands" +{ + "$schema": "https://opencode.ai/config.json", + "permission": { "bash": "ask" }, + "agent": { + "build": { + "permission": { + "bash": { "git status": "allow", "*": "ask" } + } + } + } +} +``` + +Permissions affect tool availability and prompts differently. + +- deny hides tools (edit also hides write/patch); ask prompts; allow runs + +For quick reference, here are common setups. + +```json title="Read-only reviewer" +{ + "$schema": "https://opencode.ai/config.json", + "agent": { + "review": { + "permission": { "edit": "deny", "bash": "deny", "webfetch": "allow" } + } + } +} +``` + +```json title="Planning agent that can browse but cannot change code" +{ + "$schema": "https://opencode.ai/config.json", + "agent": { + "plan": { + "permission": { "edit": "deny", "bash": "deny", "webfetch": "ask" } + } + } +} +``` + +See the full permissions guide for more patterns. + +- /docs/permissions + +--- + ### Mode Control the agent's mode with the `mode` config. The `mode` option is used to determine how the agent can be used.